lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20090710052938.GA6146@cr0.nay.redhat.com>
Date:	Fri, 10 Jul 2009 13:29:38 +0800
From:	Amerigo Wang <xiyou.wangcong@...il.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Amerigo Wang <xiyou.wangcong@...il.com>,
	Changli Gao <xiaosuo@...il.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: PATCH: fd leak if pipe() is called with an invalid address.

On Thu, Jul 09, 2009 at 08:31:03PM -0700, Linus Torvalds wrote:
>
>
>On Fri, 10 Jul 2009, Amerigo Wang wrote:
>
>> On Thu, Jul 02, 2009 at 03:21:55PM +0800, Changli Gao wrote:
>> >fd leak if pipe() is called with an invalid address.
>> >
>> >Though -EFAULT is returned, the file descriptors opened by pipe() call
>> >are left open.
>> >
>> >Signed-off-by: Changli Gao <xiaosuo@...il.com>
>> >----
>> >
>> > x86/ia32/sys_ia32.c     |    5 ++++-
>> > xtensa/kernel/syscall.c |    5 ++++-
>> > 2 files changed, 8 insertions(+), 2 deletions(-)
>> >
>> >
>> >--- arch/x86/ia32/sys_ia32.c.orig	2009-07-02 15:08:39.000000000 +0800
>> >+++ arch/x86/ia32/sys_ia32.c	2009-07-02 15:09:49.000000000 +0800
>> 
>> This patch is not correctly made... You need to make the patch in the
>> _upper_ directory of the top source code tree (if you don't use git),
>> so that we can apply it with 'patch -p1 < XXX'.
>> 
>> Probably this is the reason why Linus still doesn't merge it.


Hi, Linus.

>
>No, the main reason I haven't merged it is that I don't think the patch is 
>worth it. 
>
>If you give a bad area to pipe(), there's no point in closign the file 
>descriptors. It's a user-space bug. You got your file descriptors, you 
>just don't know what the hell they are, because your program is sh*t. 
>There's no point in the kernel trying to clean up, because the cleaned-up 
>state is not any better.

I totally agree that it is a user-space program's fault if it hits this,
but that doesn't mean we don't need to fix it in kernel, because logically
we are leaking fd's in that path.

Please also check sys_pipe2() in fs/pipe.c.

Thank you.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ